Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-13596

usercopy: kernel memory exposure attempt detected from ffff98c06ba17d80 (kmalloc-128) (48032 bytes)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Minor
    • None
    • Lustre 2.10.8
    • kernel 3.10.0-1127.0.0.1chaos.ch6.x86_64
      lustre 2.10.8_9.chaos
    • 3
    • 9223372036854775807

    Description

      Our Lustre 2.10 stack is here: https://github.com/LLNL/lustre/releases/tag/2.10.8_9.chaos

      Compute node crashes with an LBUG. dmesg-vmcore.txt contains

      [677308.381183] usercopy: kernel memory exposure attempt detected from ffff98c06ba17d80 (kmalloc-128) (48032 bytes)
[677308.382142] usercopy: kernel memory exposure attempt detected from ffff98b452b38d80 (kmalloc-128) (48032 bytes)
[677308.382152] usercopy: kernel memory exposure attempt detected from ffff98b485643c00 (kmalloc-128) (48032 bytes)
[677308.382156] usercopy: kernel memory exposure attempt detected from ffff98acb7964b80 (kmalloc-128) (48032 bytes)
[677308.382192] ------------[ cut here ]------------
 [677308.382193] kernel BUG at mm/usercopy.c:72!
 [677308.382195] invalid opcode: 0000 [#1] SMP 
 [677308.382230] Modules linked in: osc(OE) mgc(OE) lustre(OE) lmv(OE) mdc(OE) lov(OE) fid(OE) fld(OE) ptlrpc(OE) obdclass(OE) ko2iblnd(OE) lnet(OE) libcfs(OE) bonding rpcrdma ib_iser opa_vnic iTCO_wdt iTCO_vendor_support sb_edac intel_powerclamp coretemp intel_rapl iosf_mbi hfi1 kvm ocrdma(T) irqbypass pcspkr rdmavt joydev sg lpc_ich i2c_i801 ioatdma ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter nf_log_ipv4 nf_log_common xt_LOG nf_conntrack_ipv4 nf_defrag_ipv4 xt_multiport xt_owner xfs xt_conntrack nf_conntrack libcrc32c iptable_filter acpi_cpufreq ib_ipoib sch_fq_codel rdma_ucm ib_uverbs binfmt_misc ib_umad msr_safe(OE) iw_cxgb4 rdma_cm iw_cm ib_cm iw_cxgb3 ib_core ip_tables nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache overlay(T) ext4 mbcache jbd2 dm_service_time
 [677308.382254] be2iscsi sd_mod crc_t10dif crct10dif_generic bnx2i cnic uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi 8021q libcxgb garp mrp stp qla4xxx llc iscsi_boot_sysfs mgag200 drm_kms_helper crct10dif_pclmul crct10dif_common syscopyarea crc32_pclmul sysfillrect sysimgblt crc32c_intel fb_sys_fops ghash_clmulni_intel igb ttm aesni_intel ahci lrw drm mxm_wmi gf128mul libahci glue_helper dca ablk_helper ptp cryptd libata be2net drm_panel_orientation_quirks pps_core i2c_algo_bit dm_multipath wmi sunrpc dm_mirror dm_region_hash dm_log dm_mod iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi
 [677308.382257] CPU: 30 PID: 46949 Comm: VCPoissonSolve3 Kdump: loaded Tainted: G OE ------------ T 3.10.0-1127.0.0.1chaos.ch6.x86_64 #1
 [677308.382258] Hardware name: Penguin Computing Relion 2900e/S2600WT2R, BIOS SE5C610.86B.01.01.0027.071020182329 07/10/2018
 [677308.382259] task: ffff98b45c04d230 ti: ffff98bbb56f0000 task.ti: ffff98bbb56f0000
 [677308.382266] RIP: 0010:[<ffffffffa805bc17>] [<ffffffffa805bc17>] __check_object_size+0x87/0x250
 [677308.382267] RSP: 0018:ffff98bbb56f3c50 EFLAGS: 00010246
 [677308.382268] RAX: 0000000000000063 RBX: ffff98b485643c00 RCX: 0000000000000000
 [677308.382269] RDX: 0000000000000000 RSI: 0000000000000292 RDI: 0000000000000292
 [677308.382270] RBP: ffff98bbb56f3c70 R08: ffffffffa8e0387c R09: ffffffffa8e75bc7
 [677308.382271] R10: 000000000008dd28 R11: 0000000000100000 R12: 000000000000bba0
 [677308.382271] R13: 0000000000000001 R14: ffff98b48564f7a0 R15: 000000000000bba0
 [677308.382273] FS: 00002aaaaab1bb40(0000) GS:ffff98c3bef00000(0000) knlGS:0000000000000000
 [677308.382274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 [677308.382274] CR2: 000000000099d000 CR3: 0000001332614000 CR4: 00000000003607e0
 [677308.382275] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 [677308.382276] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 [677308.382277] Call Trace:
 [677308.382290] [<ffffffffc0cfe245>] lov_getstripe+0x705/0x9b0 [lov]
 [677308.382296] [<ffffffffa804fa42>] ? __mem_cgroup_commit_charge+0x112/0x340
 [677308.382301] [<ffffffffc0cfc64f>] lov_object_getstripe+0x6f/0x180 [lov]
 [677308.382336] [<ffffffffc122f55e>] cl_object_getstripe+0x6e/0x130 [obdclass]
 [677308.382352] [<ffffffffc13bae20>] ll_file_getstripe+0x70/0x170 [lustre]
 [677308.382361] [<ffffffffc13d0530>] ll_file_ioctl+0x11b0/0x3830 [lustre]
 [677308.382364] [<ffffffffa8004674>] ? handle_mm_fault+0x3a4/0x9b0
 [677308.382367] [<ffffffffa8075600>] do_vfs_ioctl+0x420/0x6d0
 [677308.382370] [<ffffffffa85ba76b>] ? __do_page_fault+0x24b/0x550
 [677308.382372] [<ffffffffa8075951>] SyS_ioctl+0xa1/0xc0
 [677308.382374] [<ffffffffa85c0112>] system_call_fastpath+0x25/0x2a

[677308.382392] Code: 45 d1 48 c7 c6 62 80 88 a8 48 c7 c1 4b 19 89 a8 48 0f 45 f1 49 89 c0 4d 89 e1 48 89 d9 48 c7 c7 d8 e6 88 a8 31 c0 e8 66 a7 54 00 <0f> 0b 0f 1f 80 00 00 00 00 48 c7 c0 00 00 e0 a7 4c 39 f0 73 0d 
 [677308.382394] RIP [<ffffffffa805bc17>] __check_object_size+0x87/0x250
 [677308.382395] RSP <ffff98bbb56f3c50>

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. LU-12580 usercopy exposure attempt detected in LL_IOC_LOV_GETSTRIPE ioctl

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              pjones Peter Jones
              ofaaland Olaf Faaland
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: